Let's explore how we can prevent MITM attacks by introducing a CA to the organization. Let's say the name of this CA is myTrustCA. The digital certificate has its public key, named Pu_myTrustCA, embedded in it. myTrustCA is responsible for signing the certificates for all of the people in the organization, including Alice and Bob. This means that both Bob and Alice have their certificates signed by myTrustCA. When signing their certificates, myTrustCA verifies that they are indeed who they claim to be. 

Now, with this new arrangement in place, let's revisit the sequential interaction between Bob and Alice:

1.  Bob is using {Pr_Bob, Pu_Bob} and Alice is using {Pr_Alice, Pu_Alice}. Both of their public keys are embedded into their digital certificates, signed by myTrustCA. Bob has created a message, M_Bob, and Alice has created a message, M_Alice. They want to exchange these messages with each other in a secure way.
2. They exchange their digital certificates, which contain their public keys. They will only accept the public keys if they are embedded in the certificates signed by the CA they trust. They need to exchange their public keys to establish a secure connection with each other. This means that Bob will use Pu_Alice to encrypt M_Bob before sending the message to Alice.  
3. Let's assume that we have an eavesdropper, X, who is using {Pr_X, Pu_X}. The attacker is able to intercept the public key exchanges between Bob and Alice and replace them with its own public certificate, Pu_X.
4.  Bob rejects X's attempt, as the bad guy's digital certificate is not signed by the CA that Bob trusts. The secure handshake is aborted, the attempted attack is logged with a timestamp and all details, and a security exception is raised.

When deploying a trained machine learning model, instead of Alice, there is a deployment server. Bob only deploys the model after establishing a secure channel, using the previously mentioned steps.

Let us see how we can implement this in Python.

First let us import the packages that are needed.

from xmlrpc.client import SafeTransport, ServerProxy
import ssl

Now let us create a class that can verify the certirficate.

class CertVerify(SafeTransport): 
    def __init__(self, cafile, certfile=None, keyfile=None): 
    SafeTransport.__init__(self) 
    self._ssl_context = ssl.SSLContext(ssl.PROTOCOL_TLSv1) 
    self._ssl_context.load_verify_locations(cafile) 
    if cert: 
        self._ssl_context.load_cert_chain(certfile, keyfile) 
    self._ssl_context.verify_mode = ssl.CERT_REQUIRED 

def make_connection(self, host): 
    s = super().make_connection((host, {'context': self._ssl_context})) 
    return s

# Create the client proxy
s = ServerProxy('https://cloudanum.com:15000', transport=VerifyCertSafeTransport('server_cert.pem'), allow_none=True)

Let us look into other vulnerabilities that our deployed model can face.